Dustin J. Mitchell

@AlexandreYang I see you self-assigned this for review a week ago -- did you want to have a look?

Now much simpler!

Yeah, this is a longstanding issue :( My understanding is that various HTTP things (servers, proxies, browsers, etc.) place various arbitrary limits on header sizes, so I don't think trying...

You could also create a client with the necessary scopes -- but doing one for each task may be a _lot_ of client rows!

This is especially problematic since the `errrors` section of `error_chain!` says "The syntax here is the same as `quick_error!`, but the `from()` and `cause()` syntax is not supported." Without any...

Here's a simple reproduction showing at least two bugs: https://codesandbox.io/s/heuristic-sun-revzx?file=/src/App.js ``` /** * Issue 1: urldecoding takes place on the path in Link's to prop, so "singly" * and "doubly"...

@jaredhanson - this one too?

Indeed, this is problematic for security issues in indirect dependencies, and the workaround of editing `yarn.lock`, while effective, is disappointing and difficult to automate. If this is not the default...

> Why not yarn install the transitive dep you want to update but don't commit the package.json changes, just the yarn.lock? I don't think that will (always?) work, because yarn...

Would it help to write some kind of external script to do this? I suppose it would just remove all `yarn.lock` entries for the given package, and then re-run yarn?